[Samba] Removing Everyone access on Samba shares
henke at mac.se
Thu Aug 17 06:38:07 GMT 2006
Debian etch (ext3 with acl) with Samba 3.0.22, kerberos5, winbind.
Samba box added to a Windows 2003 Domain.
Winbind works as expected. It is possible to use domain accounts to
access the shares.
What I wonder is how to remove the Everyone and Domain Users entries
in the Security Tab in Windows.
As I understand it. Everyone always show because of the POSIX "other"
in the ext3 filesystem or?
Can I use domain accounts with force group and force user?
Is there a way to configure my shares so the permissions are
inherited on files and folders created on my share?
I've also tried different local acls with setfacl and it has helped
me some but now I'm confused of where to put what. :)
workgroup = NVS
netbios name = sambacube
server string = Sambacube
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
log file = /var/log/samba/log.smbd
max log size = 50
realm = NVS.COM
security = ads
password server = 10.170.0.40
encrypt passwords = yes
domain master = no
preferred master = no
wins server = 10.170.0.40
dns proxy = no
unix charset = UTF-8
display charset = UTF-8
enable privileges = yes
nt acl support = yes
dos filemode = yes
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
force create mode = 0660
force directory mode = 0770
path = /home/affe/projekt
read only = No
admin users = Administrator,@"NVS\Domain-Admins"
valid users = @"NVS\114-KRS-Users",@"NVS\Domain Admins"
write list = @"NVS\114-KRS-Users",@"NVS\Domain Admins"
debian:/etc/samba# getfacl /home/affe/projekt
# file: home/affe/projekt
# owner: administrator
# group: Domain\040Admins
More information about the samba